Analysis
-
max time kernel
1559s -
max time network
1560s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
04/01/2024, 21:21
General
-
Target
UntitledNuker-master/src/UntitledNuker.py
-
Size
21KB
-
MD5
de5043cfbbfa73015e277e1b141e9088
-
SHA1
f19481f09dd9f82fd4d70de52313cbd87e5a1dce
-
SHA256
e7bcf41e37c6919b180cf9372e850ceb3bb2fd14a23f757e802148a60e5dd937
-
SHA512
9ffa8ca75bf6b5c9cc850a219e68ac1474466bbeb890b1ff522f44407df9606add44b06f5c56aa4b70b78b2023144a8fabf67818fe469147c0b54ec3e7dcb459
-
SSDEEP
192:0x9tq/z2FmB5b+bf8pmRIlrUkPIa5mco8B/BCpoxlgfxM+jncSxU4AsSQa/gQYjt:0rY+b3JkPIJO8TiXk
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\src\UntitledNuker.py1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\src\UntitledNuker.py2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\UntitledNuker-master\src\UntitledNuker.py"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD59bfb3ba9e87cf59fe89df0497641e1ce
SHA1c03e40ec57dfda0b7b4318e451eb9de18aa9d983
SHA25666810149858b37c01149976494d941c0788ef51253c761bcd514258bea87cbb6
SHA51298d380113613efca9a6f780909d4ddb4fcd20f91f17e55a4307167ed1c3d1431190cb99081a87fa0c9d9817ecf96d1cfbaf67b59d521c869f70f0855e2582ced